[Gray226]

I found it interesting how the hacker/researcher was able to scan the Sprint network to identify vulnerable Jeeps. Scanning for IP addresses communicating with cell towers is typically not publicly accessible, and connectivity through the Sprint network certainly played a role in this hack.

Any thoughts on whether this vulnerability was partially enabled by Sprint's network?

Also, I'm really questioning the authentication signatures used by Uconnect. Unless their was some spoofing involved, it should not have been able to receive commands from a random laptop.

[belfastdispatcher]

Welcome to the ****y reality of IOT future, the real question is why the hell would anybody want all that crap in their car in the first place?

[belfastdispatcher]

A car is not a tablet, it needs to work properly from the moment you leave the showroom.

It might excite you that you get "updates" via the internet but in reality you just accepted a half baked product.

[Mausje75]

If I want a update i replace the..

Bougies, change oil, contact breaker points, condensator, rotor, distribution cap. Adjust the timing.. if needed adjust the carburetor.. and i'm good to go...

Sure.. when anything works as it should be.. all the bells and whistles could be fun (not for me though) but when anything goes wrong.. you have to bring it to the garage and pay big buks to have it fixed.. and the inconvenience and time you loose. You can't do anything yourself these days with modern cars.

And if the police wants to pull you over.. and you don't want to ( have to go to the hospital) they could stop you in the future with a kind of EMP device / gun... it shuts down your car completely..and it is wrecked.. ( all circuit are fried)
An old car could drive on.. even if it's EMPed...

Posted via my awesome Classic

[Ment]

Jeep recall for this exploit. Estimated impact 1.4M vehicles.

2013-2015 Dodge Viper specialty vehicles;
2013-2015 Ram 1500, 2500 and 3500 pickups;
2013-2015 Ram 3500, 4500, 5500 Chassis Cabs;
2014-2015 Jeep Grand Cherokee and Cherokee SUVs;
2014-2015 Dodge Durango SUVs;
2015 Chrysler 200, Chrysler 300 and Dodge Charger sedans;
And 2015 Dodge Challenger sports coupes.

[Bla1ze]

https://twitter.com/andreabellemare/...27499977285632

[southlander]

Predictable that this would happen. It always seems when things become "connected" that were not, it turns out engineering shortcuts have been taken that create these issues. Shortcuts that made development or servicing easier in some way.

The stuff just needs to be hardened. Think Windows 95 at this point.

[TXBBguy]

From the link:



Hehe, maybe BB10 will continue on as a car OS/overlay. You don't need 1.5 millions app store if you do it right.

Reading about all this integration with external sources makes me think investing in tinfoil hats will be a solid investment for 2016. Not for me...

It also tells me the cost to operate a vehicle in the future is going to increase exponentially.

Right.

U connect 5.0 was Microsoft, so was the 2013 Ford that got hacked. Ford Sync3 is QNX, as is U connect 8.4.

Posted via CB10

[AnimalPak200]

Just use an old-fashioned car key to unlock annd start your old-fashioned car....

Anyone still know how this combination works? :


Attachment 363858

Posted via my awesome Classic

The number of times I got 'locked out' of my 2003 ford focus with no power anything (couldn't afford it) when the locks froze, only beats the number of times I got locked IN with the handle doing nothing and me having to climb out the window (rolled down manually nicely though!). I also had to have the ignition key cylinder replaced twice in the span of ten years because apparently they eventually break.

So yeah... I think 'modern' mechanical components are no more 'reliable' than their electronic counterparts,.. so we lose either way.

I guess the real question is why anyone would want to bother messing around with an already terrible driver population. I mean,.. most drivers on the road are a bigger tangible threat than some wiz kids in China... at least they're probably paying attention to what they're doing.



Posted via CB10

[filanto]

Is that like real murican , eh!

Unless you are a "Yooper ". You know from da UP eh!

Posted via CB10

[TX Jedi]

Update from BlackBerry fact check : http://blogs.blackberry.com/2015/08/...seeking-alpha/

Posted via CB10

[LoganSix]

When I asked the hackers about QNX and the hack.

[Supa_Fly1]

When I asked the hackers about QNX and the hack.

Could you post a tweet screeny?

Posted via CB10

[LoganSix]

I basically requested a quick response on a SeekingAlpha article from Charlie Miller and Chris Valasek, who both have Twitter accounts. Charlie Miller is the one who replied back. No other comment from Chris, so I would assume he agrees with the quick response.

hack doesn't have anything to do with qnx security

[BerrySoul]

It has already been debunked. Media missinformed as usual against BlackBerry.

  